# Firewall

The network topology consists of one switch called **s1** and three hosts, **h1**, **h2** and **h2**. Their IP and MAC addresses can be found below.

![title](imgs/firewall.png)

In [1]:
#!/usr/bin/python

import os

from mininet.log import setLogLevel, info
from mn_wifi.cli import CLI
from mn_wifi.net import Mininet_wifi
from mn_wifi.bmv2 import P4Switch


def topology():
    'Create a network.'
    net = Mininet_wifi()

    info('*** Adding hosts\n')
    h1 = net.addHost('h1', ip='10.0.0.1', mac="00:00:00:00:00:01")
    h2 = net.addHost('h2', ip='10.0.0.2', mac="00:00:00:00:00:02")
    h3 = net.addHost('h3', ip='10.0.0.3', mac="00:00:00:00:00:03")

    path = os.path.dirname(os.getcwd())
    config = path + '/p4-scenarios/firewall.txt'
    json_file = path + '/p4-scenarios/firewall.json'

    info('*** Adding Switch\n')
    s1 = net.addSwitch('s1', cls=P4Switch, netcfg=True, thriftport=50001,
                       json=json_file, switch_config=config)

    info('*** Configuring WiFi Nodes\n')
    net.configureWifiNodes()

    info('*** Creating links\n')
    net.addLink(h1, s1)
    net.addLink(h2, s1)
    net.addLink(h3, s1)

    info('*** Starting network\n')
    net.start()
    net.staticArp()

    info('*** Running CLI\n')
    CLI(net)

    info('*** Stopping network\n')
    net.stop()


if __name__ == '__main__':
    setLogLevel('info')
    topology()

*** Adding hosts
*** Adding Switch
*** Configuring WiFi Nodes
*** Creating links
*** Starting network
*** Starting controller(s)

*** Starting L2 nodes
s1 

....⚡️ simple_switch_grpc @ 29690 thrift @ 50001



*** Running CLI
*** Starting CLI:


mininet-wifi> s1 simple_switch_CLI --thrift-port 50001 <<<"table_add MyIngress.check_ports set_direction 2 1 => 1"


Obtaining JSON from switch...
Done
Control utility for runtime P4 table manipulation
RuntimeCmd: Adding entry to exact match table MyIngress.check_ports
match key:           EXACT-00:02	EXACT-00:01
action:              set_direction
runtime data:        01
Invalid table operation (DUPLICATE_ENTRY)
RuntimeCmd: 


mininet-wifi> s1 simple_switch_CLI --thrift-port 50001 <<<"table_add MyIngress.check_ports set_direction 1 2 => 0"


Obtaining JSON from switch...
Done
Control utility for runtime P4 table manipulation
RuntimeCmd: Adding entry to exact match table MyIngress.check_ports
match key:           EXACT-00:01	EXACT-00:02
action:              set_direction
runtime data:        00
Invalid table operation (DUPLICATE_ENTRY)
RuntimeCmd: 


mininet-wifi> h3 ping -c1 h1


PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=1.05 ms

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.051/1.051/1.051/0.000 ms


mininet-wifi> h2 ping -c1 h1


PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms



mininet-wifi> exit


*** Stopping network
*** Stopping 0 controllers

*** Stopping 3 links
...
*** Stopping switches/access points
s1 
*** Stopping nodes
h1 h2 h3 

*** Removing WiFi module and Configurations

*** Done


**Great work!**